Intrusion Detection Systems:
Activis

Activis offers a wide range of managed security services, including intrusion detection. With 24/7 monitoring from its three security management centers worldwide, the company possesses global security expertise.

by Jeff Goldman
[February 27, 2002]

Activis is the managed services division of Articon-Integralis AG, an Internet security company formed in 2000 from the merger of the German company Articon Information Systems AG and the British company Integralis. Besides Activis, the company's other divisions include Allasso, a channel solutions company, and Integralis, a provider of corporate security products.

Since the company's initial formation two years ago, a number of acquisitions have added to Articon-Integralis' portfolio, including the U.S.-based Atlantic Computing, which gave Articon-Integralis its first foothold in America. The company now maintains three security management centers worldwide—one in the U.K., one in Germany, and one in Hartford, Connecticut.

Activis USA
111 Founders Plaza 13th Floor
East Hartford CT 06108

Voice: (877) 557-0767
E-mail: info@activis.com

Activis

Activis' managed firewall services work with both Check Point's Firewall-1 and Cisco Systems' PIX Firewall. According to Activis Product Manager Richard Walters, that's a strong selling point.

"The majority of managed service providers only support one platform," Walters said. "We're accredited by both Check Point and Cisco."

The company's e:)scan e-mail security service covers everything from anti-virus to full scanning of e-mail text—looking for everything from profanities to implied breaches of confidence—and that's only the beginning.

"We offer managed WebSense and managed Finjan as well, so if a customer is worried about Internet access management, employees surfing the wrong type of sites during the working day, we can manage that for them," Walters said.

Activis' vulnerability assessment services include both VSS, a one-time vulnerability scanning service, and FoundScan, a continuous managed vulnerability assessment service. FoundScan is a solution from the California-based FoundStone, Inc., to which Activis currently has exclusive rights as a European reseller.

Finally, the company's managed intrusion detection service covers both ISS' RealSecure and Cisco's Secure IDS.

"If you look at the market share that ISS holds today, currently it's at 48 to 52 percent, depending on which report you read—and Cisco are firmly there in second place with about 26 percent," Walters said. "We've always had the strategy of supporting the products that people actually purchase."

They know IDS
As one of ISS' largest channel partners in Europe, Walters explains, Activis delivers a significant portion of ISS' European license revenue. An extensive knowledge base, pulling from a wide variety of sources, gives the company a solid background in making sense of attacks as they occur. "We understand IDS," Walters said. "We have a phenomenal breadth and depth of experience in deploying IDS products."

According to Walters, most organizations that deploy their own IDS sensors find that comprehending the data produced is the greatest challenge. "In Network Intrusion Detection: An Analyst's Handbook, Stephen Northcutt suggested that false positives could be as high as 93 percent," he said. "You need somebody with a lot of IDS experience to understand which alerts are real and require some immediate response."

Activis' ability to correlate across time, Walters suggests, is the key to tracking down the real attacks. Looking at alerts over a longer period can allow Activis to perceive crucial connections between various events. "Most attacks, if they are serious, are well planned and well thought out," he said. "The whole attack won't be executed in the space of a day: it will typically take place across weeks or months."

Correlation across sensor, he adds, is equally important. "Typically, we find that people are deploying IDS in disparate geographical locations," Walters said. "If they are being subjected to a serious attack, quite often you'll find same or similar attacks thrown against different locations. So to get a complete picture of the threat of the attack, correlation across sensor in different geographical locations can be very important."

Finally, correlation across lock provides an additional perspective. "When we're also managing firewalls, we can correlate alerts from, say, Firewall-1 with events from ISS RealSecure—which can be very powerful in reducing the number of false positives," Walters said. "If the firewall is seeing a denial of service attack but the IDS behind the firewall isn't, then we know that the firewall is doing its job."
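
As an added illustration (not Activis' code or tooling), the Python below applies the three correlations Walters describes, across time, across sensor, and firewall versus IDS, to a handful of constructed alerts. The tuple layout, site names, thresholds and priority labels are all assumptions made for the example.

```python
from collections import defaultdict
from datetime import date

# Constructed sample alerts: (day, site, device, source IP, signature).
# Site names are hypothetical; addresses are RFC 5737 documentation ranges.
ALERTS = [
    (date(2002, 1, 3),  "site-a", "ids",      "198.51.100.7", "port-scan"),
    (date(2002, 1, 19), "site-b", "ids",      "198.51.100.7", "port-scan"),
    (date(2002, 2, 11), "site-a", "ids",      "198.51.100.7", "ftp-overflow"),
    (date(2002, 2, 11), "site-c", "firewall", "203.0.113.9",  "syn-flood"),
    (date(2002, 2, 11), "site-c", "firewall", "203.0.113.9",  "syn-flood"),
    (date(2002, 2, 12), "site-b", "firewall", "192.0.2.44",   "syn-flood"),
    (date(2002, 2, 12), "site-b", "ids",      "192.0.2.44",   "syn-flood"),
]

def correlate(alerts, min_span_days=14, min_sites=2):
    """Group alerts by source address and apply the three correlations."""
    by_src = defaultdict(list)
    for a in alerts:
        by_src[a[3]].append(a)
    report = {}
    for src, rows in by_src.items():
        days = [r[0] for r in rows]
        ids_sites = {r[1] for r in rows if r[2] == "ids"}
        # (site, signature) pairs seen by each device class
        fw = {(r[1], r[4]) for r in rows if r[2] == "firewall"}
        ids = {(r[1], r[4]) for r in rows if r[2] == "ids"}
        report[src] = {
            # across time: activity spread over weeks, not a single day
            "long_running": (max(days) - min(days)).days >= min_span_days,
            # across sensor: the same source seen at several locations
            "multi_site": len(ids_sites) >= min_sites,
            # firewall vs IDS: firewall saw it, the IDS behind it did not
            "stopped_at_firewall": bool(fw) and not (fw & ids),
            # both devices at a site saw it: the traffic got through
            "passed_firewall": sorted(fw & ids),
        }
    return report

def priority(entry):
    """Rank one source: escalate, review, or log-only (labels are assumptions)."""
    if entry["passed_firewall"] or (entry["long_running"] and entry["multi_site"]):
        return "escalate"
    if entry["stopped_at_firewall"]:
        return "log-only"
    return "review"
```
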

In addition to the IDS sensors supported, Activis places its own security service appliance, or SSA, at each customer's site. The SSA ensures that all event information is duplicated for redundancy and sent back to two security management centers. In addition, if a managed device fails, the SSA allows Activis to rebuild the device remotely within a four-hour period.

"If a firewall fails as far away as Japan, we will be able to rebuild that firewall from the ground up, without having to visit the site, inside four hours," Walters said. "And we don't just rely on an Internet connection to the SSA. We always have an encrypted PSTN or ISDN link to our SSA device, so we can continue to function even if the Internet connection goes down or is taken down with a denial of service type attack."

Activis' managed IDS service is priced per sensor, with an initial setup charge followed by an annual fee. The typical setup fee is about $3,500 per sensor, with significant volume discounts. Similarly, the average annual cost for a network sensor is about $22,000 per year. "It works out at between $1500 and $2000 per month per sensor for 24/7 alerting, reporting, signature updates, and all of the other things," Walters said.

Solid business sense
Among Activis' partners is the global ISP, PSINet. "We already work very closely with some of the leading ISPs," Walters said. "The whole Activis model lends itself very readily to ISPs and to telcos. We've designed the infrastructure to be able to link in with the existing network management solutions that ISPs and telcos may be using."

All reporting is delivered to customers through a secure Web portal, which can be fully re-branded to the ISP's own look and feel. "With every incident report, they can right-click on the description of the attack and see a whole wealth of information which can really assist in event diagnosis," Walters said. "That can actually appear to be part of the ISP's own infrastructure and service capability."

The Dutch mailing house TMI worked with Activis to protect its services for both traditional and electronic direct mail. Since much of TMI's business is conducted by e-mail, General Manager Dirk van Ledden saw viruses as a potentially crippling threat. "Our first concern focused on protecting us from a virus attack, delivered by e-mail, that might bring the network down," van Ledden said.

According to van Ledden, the thoroughness of Activis' reporting has been particularly satisfying. "While we get on with our business, Activis works in the background and sends me interception logs to confirm threats that have been stopped long before they become problems," he said.

Looking at the results he's gained from Activis' services, van Ledden stresses the universal importance of a total security solution. "As an entrepreneur, my focus is on my business, but I would have to say that Internet security is becoming important for any business," he said. "Everyone should have a system to protect themselves from Internet threats. It's good business sense."

And Walters contends that working with a managed security service provider like Activis is the best way to acquire that security. "We recently put a RealSecure network sensor outside our own firewall, and we were seeing 540,000 alerts every day," he said. "It's all about having the skills and the expertise, the security analysts in front of the consoles, to make sense of the enormous amount of information coming in."

— End
